Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Bloodhound.Sonar.1


  • Please log in to reply

#1
FlahertGa

FlahertGa

    New Member

  • Member
  • Pip
  • 1 posts
I am running XP w/SP3 and Norton 360 2.0 Read to run a HiJAckThis.log and is included, not sure what else to do. Contacted Norton, with little to no help. Also am getting a notice (twice in three weeks compared to almost 3-4 times aday for the bloodhound...) about a "DownLoader".? was unable to upload... "Upload failed. You are not permitted to upload this type of file" Will try tp post. Sorry for the large post. Thanks in advance, Jeff.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:33 AM, on 11/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec

Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Symantec

Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program

Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe
C:\Program Files\Common

Files\Motive\McciCMService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc

.exe
C:\Documents and Settings\Owner\Local

Settings\Application

Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Search Bar =

http://us.rd.yahoo.c...s/sb/msgr8/*htt

p://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start

Page = http://home.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start

Page = http://home.bellsouth.net/
R0 - HKLM\Software\Microsoft\Internet

Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet

Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet

Explorer\SearchURL,(Default) =

http://us.rd.yahoo.c...s/su/msgr8/*htt

p://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local

Page = \blank.htm
O2 - BHO: (no name) -

{02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: C:\WINDOWS\system32\jsne87fidgf.dll -

{C5BF49A2-94F3-42BD-F434-3604812C897D} -

C:\WINDOWS\system32\jsne87fidgf.dll
O3 - Toolbar: Show Norton Toolbar -

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program

Files\Common Files\Symantec

Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton

360\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common

Files\Symantec Shared\ccApp.exe
O4 - HKCU\..\Run: [ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting]

"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe"

-t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting]

"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe"

-t (User 'Default user')
O7 -

HKCU\Software\Microsoft\Windows\CurrentVersion\Policie

s\System, DisableRegedit=1
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) -

{e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} -

http://help.bellsout...oad/tgctlcm.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E}

(Musicnotes Viewer) -

http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}

(Windows Genuine Advantage Validation Tool) -

http://go.microsoft....k/?LinkID=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}

(Symantec AntiVirus scanner) -

http://security.syma...Content/vc/bin/

AvSniff.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5}

(Microsoft Data Collection Control) -

https://support.micr...ActiveX/odc.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}

(Installation Support) - C:\Program

Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} -

https://setup.bellso...atic/controls/W

ebflowActiveXInstaller_6-1-2.cab
O16 - DPF: {444B911E-6E55-4A11-B3E9-0D3E21AE0437} -

http://www.exfol.com/v/1/i/eins005.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B}

(SysData Class) -

http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}

(WUWebControl Class) -

http://update.micros.../v6/V5Controls/

en/x86/client/wuweb_site.cab?1133556465031
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5}

(Symantec RuFSI Utility Class) -

http://security.syma...edContent/commo

n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862}

(Symantec Download Manager) -

https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM

Access Support) -

http://www-307.ibm.c...rt/IbmEgath.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1}

(FujifilmUploader Class) -

http://photo.walmart...ifilmUploadClie

nt.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539}

(Crucial cpcScan) -

http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2}

(CentrinoCheck Control) -

http://entriq.vo.lln.../cabs/cpucheck_

1_0_0_4.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} -

http://entriq.vo.lln...cabs/Entriq_3_4

_0_15_Silent.cab
O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} -

http://entriq.vo.lln.../cabs/NBCUniver

sal_1_0_0_3.cab
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw -

{C5BF49A2-94F3-42BD-F434-3604812C897D} -

C:\WINDOWS\system32\jsne87fidgf.dll
O23 - Service: Apple Mobile Device - Apple, Inc. -

C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec

Corporation - C:\Program

Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) -

Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) -

Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service

(CLTNetCnService) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec

Corporation - C:\Program Files\Common Files\Symantec

Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google -

C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) -

Macrovision Corporation - C:\Program Files\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation -

C:\Program

Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation -

C:\Program Files\Common Files\Symantec

Shared\ccSvcHst.exe
O23 - Service: McciCMService - Motive Communications,

Inc. - C:\Program Files\Common

Files\Motive\McciCMService.exe
O23 - Service: Pml Driver HPZ12 - HP -

C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SNMP Service (SNMP) - Unknown owner -

C:\WINDOWS\System32\snmp.exe (file missing)
O23 - Service: SNMP Trap Service (SNMPTRAP) - Unknown

owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner -

C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc

.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. -

C:\Program Files\Common Files\Symantec Shared\Support

Controls\ssrc.exe

--
End of file - 8683 bytes
  • 0

Advertisements


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello FlahertGa

Welcome to G2Go. :)
=====================
Please make sure that Wordwrap is turned off inside of the notepad files Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
====================
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP